Welcome to this week's Symfony Station Communique. It's your weekly review of the most valuable and essential news in the Symfony and PHP development communities.
*Please note that links will open in a new browser window. My opinions, if I present any, will be in bold.
As always, we will start with the official news from Symfony.
Highlight -> "This week, Symfony 5.4.1 and 6.0.1 maintenance versions were released. In addition, the SymfonyWorld 2021 Winter edition conference too place with great success. During the conference, Symfony UX 2.0 was released to add Stimulus 3 support and we introduced an automated way to create and manage Docker containers in Symfony applications. Lastly, the Symfony Demo application released its new version compatible with Symfony 6.0."
SymfonyWorld Winter 2021 featured some great presentations including an overview of Symfony 6.
The new version is the culmination of 2 years of hard work by the community. It embeds all the new features added during the development of Symfony 5, but also removes all the features deprecated during the same period.
With PHP 8.0 as the minimum supported version, Symfony 6 is also an opportunity to embrace new language features.
If you attended SymfonyWorld Winter 2021 you can watch the presentation replay by logging into Symfony Connect and using the link below.
Everything about Symfony 6 Presentation from SymfonyWorld.
Launched in 2018, SymfonyCorp is a company aiming at promoting the Symfony Open-Source framework by creating commercial products around it to ensure its sustainability. The SymfonyCorp team manages symfony.com, the Symfony conferences, the Symfony certification, SymfonyCloud, SymfonyInsight, SymfonyConnect, ...
Symfony announced that SymfonyCorp is hiring remote Symfony developers to work on its internal products and projects.
In news I’m excited about Symfony had this announcement.
“Over the years, Docker has become the de facto standard for building, shipping and running server applications. Docker allows you to store all the instructions needed to build the environment that will host your software next to the code, in the repository of the project.
After 6 years of teamwork, Symfony and API Platform now include an industry-first set of tools designed to automatically create, manage and run the Docker containers needed for your applications.
The Symfony Demo application was introduced in 2015 as a reference application to show how to develop Symfony applications following the recommended best practices. This demo application is useful to:
Test new features
Benchmark Symfony and PHP
It’s been updated for Symfony 6.
Symfony Demo 2.0 Introduces Support for Symfony 6.0
Symfony Live is back for you French speakers.
The SymfonyLive is back in Paris on April 7 and 8, 2022! We have the great pleasure to meet you physically at SymfonyLive Paris 2022! After a year of online conferences, we are delighted to be able to once again find the French-speaking community of Symfony at the Cité Internationale Universitaire in Paris.
SymfonyLive Paris 2022: le retour!
And they also announced the SymfonyWorld 2022 Summer Edition.
Symfony also reviewed all the SymfonyWorld and Symfony Live conferences.
PHP.Watch wrote this heartfelt post and I’m sure most of us share its sentiments.
PHP powers over 75% of the web, and its success is attributed to thousands of PHP contributors, framework authors, PHP tooling developers, IDE and other tooling developers, and the rest of the PHP community.
One of the most impactful contributors to PHP is Nikita Popov. Over the 25 years of PHP's history, there has never been more acceleration in new features, language clean-up, and up-keep than the past few years, and Nikita was behind most of the important changes in PHP before he recently stepped back from the project.
Alex Daubois continues his impressive output. This week he looks at HTTP in Symfony.
The love story between Symfony and HTTP
Via SymfonyCasts: “Today marks 10 years of SymfonyCasts (formerly KnpUniversity)! How that is possible, I have no idea! But, I am quite certain it has something to do with all of you awesome devs - thank you for making this such a fun project to work on!” They continue to explore Symfony security.
This week on SymfonyCasts
Hanane Kacemi looks at Symfony, Docker, and Doctrine ORM.
Symfony and Database
Symfony & Database-Part 2
Anthony Gilbert also had two posts on Symfony and Docker.
Setting up a Symfony application using Docker.
How to set up Symfony & then Dockerize it.
Drupal announced that:
Speaking of Drupal, specbee notes that “Twig tweak module is a huge time saver for Drupal developers working with advanced twig templates. It offers several useful functions and filters that can ease the developer’s job. Developers can also write well formatted code which is more comprehensible.”
Functions and filters to get you started with Twig Tweak in Drupal 9 (with examples)
Christian Kolb wrote “Login throttling is possible with Symfony out of the box since 5.2. But the default configuration doesn't work as soon as you have multiple server instances.
Why? Because it stores the relevant data on the local filesystem.
So all we need to do is to exchange the storage layer with a shared one. How to do this?”
Login throttling with Symfony and multiple server instances
As you by now, I discover Akashic Seer's blog last month, which has Symfony-related posts. Here are a few more.
How to secure individual Symfony AJAX API routes without using API Platform
We also continue to share the treasure trove of Symfony posts on Twilio’s blog.
Open Swoole IDE Helper for v4.8.1 are released with enhanced type hinting. Developers can do code autocompletion within the IDE like VScode or PHPStorm.
Open Swoole IDE Helper released with enhanced type hinting for IDE
The Duckly blog recommends its best plugins for JetBrains’ PhpStorm IDE.
23 Best PhpStorm plugins for 2022
Sequally shows us how to create an PHP 8.1, NGINX and MySQL development environment with Docker.
Docker with PHP 8.1, NGINX, and MySQL
Speaking of NGINX, we recently ran across the following via DeliciousBrain’s newsletter.
“DigitalOcean has a great online tool called NGINXConfig. It comes with a bunch of presets, from standard PHP applications to content management systems like WordPress and Joomla, as well as other popular web frameworks, including Django and Node.js. You can also configure practically everything you might need.”
Cees-Jan Kiewiet writes “PHP 8.1 is out and the hip new feature for non-blocking and asynchronous programming in PHP are fibers. In this post we're going to explore them and see how we at ReactPHP will start with them at the edge.”
async & await at the edge with ReactPHP
The latest edition of PHP Architect magazine is out. Get yours today.
One Java developer came back to PHP after seven years. He was quite surprised.
The Guardian reports “The flaw, dubbed “Log4Shell”, may be the worst computer vulnerability discovered in years. It was uncovered in an open-source logging tool, Log4j, that is ubiquitous in cloud servers and enterprise software used across the industry and the government. Unless it is fixed, it grants criminals, spies and programming novices alike, easy access to internal networks where they can loot valuable data, plant malware, erase crucial information and much more.”
Recently uncovered software flaw ‘most critical vulnerability of the last decade’
NPR reports “When programmers write code, they often rely on some extremely common and freely available bits of software — like using building blocks — to do common tasks. In this case, the vulnerable piece of software was something called Log4j, which is used in the programming language Java and essentially creates a log of activity on a device, copying down everything that happens as programs run.”
Companies scramble to defend against newly discovered 'Log4j' digital flaw
David Crawshaw writes “there is more than enough written on the mechanics of and mitigations for the recent severe RCE in log4j. On prevention, this is the most interesting widely-reshared insight I have seen:
- Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc.
- Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns.
- This is making the rounds because highly-profitable companies are using infrastructure they do not pay for.
It is the second statement in this tweet that is worthy of attention: the maintainers of log4j would have loved to remove this bad feature long ago, but could not because of the backwards compatibility promises they are held to.”
log4j: between a rock and a hard place
Have you published or seen something related to Symfony or PHP that we missed? If so, please contact us.
That's it for this week. Thanks for making it to the end of another extended edition. I look forward to sharing next week's Symfony and PHP news with you on Friday.
Please share this post. :) Be sure to join our newsletter list, so you get each week's communique directly in your inbox (a day early). And follow us on Twitter at @symfonfystation.
Happy coding Symfonistas!